EP3651027A1 - Circuits à assurance élevée synchronisés - Google Patents

Circuits à assurance élevée synchronisés Download PDF

Info

Publication number
EP3651027A1
EP3651027A1 EP19199060.5A EP19199060A EP3651027A1 EP 3651027 A1 EP3651027 A1 EP 3651027A1 EP 19199060 A EP19199060 A EP 19199060A EP 3651027 A1 EP3651027 A1 EP 3651027A1
Authority
EP
European Patent Office
Prior art keywords
processor
software routine
processors
software
task
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP19199060.5A
Other languages
German (de)
English (en)
Inventor
Albert J. Bourdon
Gary G. Christensen
Michael G. Godfrey
Sean K. O'keeffe
John R. Owens
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Viasat Inc
Original Assignee
Viasat Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US11/428,508 external-priority patent/US8527741B2/en
Priority claimed from US11/428,516 external-priority patent/US7802075B2/en
Application filed by Viasat Inc filed Critical Viasat Inc
Publication of EP3651027A1 publication Critical patent/EP3651027A1/fr
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/52Program synchronisation; Mutual exclusion, e.g. by means of semaphores
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/1629Error detection by comparing the output of redundant processing systems
    • G06F11/1641Error detection by comparing the output of redundant processing systems where the comparison is not performed by the redundant processing components
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/1629Error detection by comparing the output of redundant processing systems
    • G06F11/1641Error detection by comparing the output of redundant processing systems where the comparison is not performed by the redundant processing components
    • G06F11/1645Error detection by comparing the output of redundant processing systems where the comparison is not performed by the redundant processing components and the comparison itself uses redundant hardware
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/1675Temporal synchronisation or re-synchronisation of redundant processing components
    • G06F11/1683Temporal synchronisation or re-synchronisation of redundant processing components at instruction level
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/52Program synchronisation; Mutual exclusion, e.g. by means of semaphores
    • G06F9/522Barrier synchronisation
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system

Definitions

  • This disclosure relates in general to high-assurance processing and, but not by way of limitation, to redundant circuits used in cryptographic processing.
  • microprocessors may be implemented redundantly. To assure they operate in synchronization, the microprocessors may be run in lock-step fashion such that they perform their execution in unison. Should one processor vary its operation from the other, a comparison function would find the problem.
  • Lock-step designs require circuits that match very closely to prevent one from getting out of synchronization with another. Synchronizers are used to align events that occur at different times. Where circuits cannot be matched or are changed during repair, the lock-step design may no longer operate in synchronization.
  • the present disclosure provides a high-assurance system for processing information.
  • the high-assurance system comprising first and second processors, a task matching circuit, and first and second outputs.
  • the task matching circuit configured to determine a software routine is ready for execution on the first processor, and delay the first processor until the second processor is ready to execute the software routine.
  • the first output of the first processor configured to produce a first result with the software routine.
  • the second output of the second processor configured to produce a second result with the software routine, where the first result is identical to the second result.
  • the present disclosure provides a task matching circuit for synchronizing software on a plurality of processors.
  • the task matching circuit includes first and second inputs, an analysis sub-circuit, and an output.
  • the first input is from a first processor configured to receive a first software routine identifier.
  • the second input is from a second processor configured to receive a second software routine identifier.
  • the analysis sub-circuit determines if the first software routine identifier corresponds with the second software routine identifier.
  • the output is coupled to at least one of the first or second processors and indicates when the first and second software routine identifiers do not correspond. One of the first and second processors is delayed until the first and second software routine identifiers correspond.
  • FIG. 1A a block diagram of an embodiment of a redundant processing system 100-1 is shown.
  • This embodiment uses two processors 120 that synchronize on occasion for high-assurance tasks, but may be out of synchronization at other times when other tasks are being performed.
  • the block diagram is simplified in that only a few blocks are shown that demonstrate high-assurance tasks and a low-assurance task.
  • a task is any discrete function, routine, snippet, applet, program, or process that can be implemented in software and/or hardware. In this example, servicing the input and output ports is high-assurance, but operating status lights is low-assurance.
  • redundant processing is performed where the results are compared to assure a match. Even though this embodiment only shows two redundant sub-circuits, other embodiments could have any number of redundant sub-circuits, e.g., four, six, eight, etc.
  • High-assurance tasks include servicing an input and output ports 112, 104.
  • the input port 112 receives information that is redundantly sent to a first processor 120-1 and a second processor 120-2 for processing.
  • the processing could include formatting, validity checks, cryptographic processing, etc.
  • the processors 120 could be of the same or a similar configuration.
  • the clocks for the processors 120 are not synchronized and could run at different speeds.
  • the first processor 120 could run faster or more efficiently to allow for extra low-assurance tasks to be serviced such as servicing the status lights 144.
  • the processors 120 could disable further interrupts to avoid one or both processors 120 from wandering away from the current task and risking a loss of synchronization.
  • a task manager 108 is used in this embodiment to allow coordinating pursuit of high-assurance tasks by ensuring that each processor performs the shared high-assurance tasks in the same order. These processors may have other tasks interspersed between the shared tasks.
  • One of the processors 120 initiates a high-assurance task and notifies the task manager 108 who makes sure the other processor 120 is ready to initiate the same high-assurance task. When both processors 120 are ready, the task manager 108 notifies both to begin execution.
  • Synchronizers 124 in this embodiment can realign the output from each processor and/or reduce the risk of metastability when going from one clock domain to another.
  • the synchronizer 124 for each processor 120 produces results in synchronization by buffering results from the processor and aligning those results or forgiving any misalignment.
  • the task manager 108 could allow the processors 120 coordinate writing out information such that alignment issues are reduced. This embodiment of the synchronizer would still reduce the risk of metastability when crossing clock domains.
  • the compare circuit 132 checks that the results produced after synchronization match before sending a result to the output port 104. Where there is no match an error is produced and the result is not sent to the output port 104. Some embodiments of the compare circuit 132 may allow the results from each synchronizer 124 to be one or more clock cycles out of sync when performing the comparison without producing an error.
  • FIG. 1B a block diagram of another embodiment of a redundant processing system is shown.
  • This embodiment has two task managers 108 that are used to achieve redundancy in the task management function.
  • Each processor 120 responds to its respective task manager 108-1, 108-2, who then coordinate aligning the task execution.
  • the two processors 120 could be different designs or clocked at different frequencies such that lock-step synchronization is not realized.
  • the task managers 108 keep the processors 120 task aligned for some high-assurance tasks despite any differences in the processors 120. Should the task managers 108 disagree at some point, an error would be produced. Comparison circuits could, for example, be used to check the output of the task managers 108.
  • the synchronized task output comparator 132 acts as in FIG 1A .
  • FIG. 2A a block diagram of an embodiment of a task management circuit 108 interacting with two processors 120 is shown. Only a single task manager 108 is used in this embodiment, but other embodiments could use redundant task managers.
  • the second processor 120-2 initiates task synchronizations as a master of the process and the first processor 120-1 acts as a slave.
  • the second processor 120-2 activates the New_Task signal.
  • the task manager 108 reads the Task_ID value from the second processor 120-2.
  • Activation of the New_Task signal and writing the Task_ID is coded into the task routine run on the second processor 120-2.
  • This embodiment uses an eight bit value to indicate the task identifier, but other embodiments could use a 16-bit, 32-bit value or any other sized value.
  • the Task_ID is unique to a particular high-assurance task run on both processors 120.
  • the task manager 108 activates the Next_Task signal to ask the first processor 120-1 to indicate the next task queued for execution.
  • the first processor activates its New_Task signal to indicate validity of a Task_ID. Where there is no match of both Task_IDs, the task manager 108 asks the first processor to move to the next task by activation of the Next_Task signal. Should the two Task_IDs match or correspond, however, the Task_Match signals are activated. This would signal to both processors 120 to begin to execute the same task indicated by the Task_IDs. If no task match is produced within a predetermined time or number of trials, the processor would discard that task from its queue and continue in one embodiment.
  • FIG. 2B a block diagram of another embodiment of a task management circuit 108 interacting with two processors 120 is shown.
  • either processor can initiate a task synchronization.
  • the first to initiate would act as the master of the process and the other processor would act as the slave.
  • the task manager 108 would work with the master processor 120 until matching tasks are found and executed before allowing another initiation of the task matching process.
  • Alternative embodiments could redundantly implement the task manager 108 and still allow dynamically assigning the master of the process. Disagreement between redundant task managers 108 would be recognized as an error.
  • FIG. 2C a block diagram of an embodiment of redundant task management circuits 108 interacting with two processors 120 is shown.
  • This embodiment utilizes redundancy in the task management circuits 108 to provide high-assurance.
  • Both task management circuits 108 compare tasks and report task incrementing and matching tasks to each other. Where the two task managers 108 are not in agreement, an error is generated.
  • second processor 120-2 acts as a master and the first processor acts as a slave in the process of synchronizing execution of a high-assurance task.
  • the first processor is directly manipulated by the first task manager 108-1, and the second processor is directly manipulated the second task manager 108-2.
  • FIG. 3 a flowchart of an embodiment of a process for aligning processing of some tasks on two circuits is shown.
  • the depicted portion of the process begins in block 304 where the first and second processors 120 receive an interrupt to perform some sort of high-assurance task.
  • the processors 120 could poll a register to determine when a high-assurance task should be initiated.
  • An ISR indicated by the interrupts is started on both processors 120.
  • the two processors 120 may start processing the interrupts at different times in block 308. Further, processing could be rearranged or interrupted such that both processors 120 are not performing the same actions at the same time.
  • both processors could potentially be the master initiating the task matching process, but only one is allowed to master the process.
  • the task manager 108 could arbitrarily, randomly or repeatedly pick one of the two to be the master.
  • one or both processors 120 activate the New_Task line and one is recognized as master.
  • the slave processor 120 is tested to determine if the Task_ID matches with the master processor 120. Where there is no match, the slave processor cycles through tasks as Next_Task is activated successively. At some point in block 316, Task_Match goes active to indicate that both processors 120 have the same Task_ID at the top of their execution queue.
  • Task_Match signals to both processors that they should start execution of the high-assurance task in block 320 and produce an output of some sort.
  • the operation of the processors 120 may or may not be in lock-step during execution of the high-assurance task. Some, all or low-priority interrupts may be disabled during execution of the high-assurance task to control the interrupts tolerated. Synchronization and/or buffering may or may not be done on the output before comparing the outputs from both processors 120. Any errors are handled and reported in block 328.
  • a flowchart of an embodiment of a process 400-1 for managing task alignment for two circuits is shown.
  • the circuits may be state machine driven or processor driven, but in this embodiment both circuits use processors.
  • the depicted portion of the process begins in step 404 where a synchronous or high-assurance task is initiated by a first processor 120.
  • the task manager 108 is told by the first processor's activation of the New_Task line to observe the Task_ID value in block 408.
  • the identification of the task from the second processor is received in block 412.
  • the New_Task line serves to latch the Task_ID into a register of the task manager 108. If operating correctly, both processors have the task ready to execute, but on the second processor, the task may not be at the top of the queue.
  • a test in block 416 determines if the Task_IDs for both processors match. In some embodiments this could be an exact match or just that they correspond. For example, one embodiment may use hexadecimal number for one processor's Task_ID and ASCII for the other processor's Task_ID. The task manager 108 would know how to correspond or translate one to the other. Where the Task_IDs correspond, the Task_Match signal is asserted by the task manager 108 and fed to both processors in block 440. Both processors 120 execute the task in block 444 to produce some output or result. The processors 120 may or may not act in lock-step.
  • the Next_Task signal is activated by the task manager 108. This signal tells the second processor to present the Task_ID for another task.
  • the second processor may randomly, sequentially or use some other scheme to present the next task for a possible match. This embodiment presents tasks thought to be high-assurance first before presenting low-assurance tasks for a possible match.
  • the next Task_ID for the second processor 120 is received by the task manager 108 in block 424.
  • both processors 120 can initiate a task check.
  • the initiating processor masters the process and the non-initiating processor is a slave in the process.
  • the first processor to identify the high-assurance task and activate the New_Task becomes the initiating processor.
  • the initiating processor could be chosen in other ways in other embodiments.
  • the embodiments may be described as a process which is depicted as a flowchart, a flow diagram, a data flow diagram, a structure diagram, or a block diagram. Although a flowchart may describe the operations as a sequential process, many of the operations can be performed in parallel or concurrently. In addition, the order of the operations may be re-arranged.
  • a process is terminated when its operations are completed, but could have additional steps not included in the figure.
  • a process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. When a process corresponds to a function, its termination corresponds to a return of the function to the calling function or the main function.
  • the term “storage medium” may represent one or more devices for storing data, including read only memory (ROM), random access memory (RAM), magnetic RAM, core memory, magnetic disk storage mediums, optical storage mediums, flash memory devices and/or other machine readable mediums for storing information.
  • ROM read only memory
  • RAM random access memory
  • magnetic RAM magnetic RAM
  • core memory magnetic disk storage mediums
  • optical storage mediums flash memory devices and/or other machine readable mediums for storing information.
  • machine-readable medium includes, but is not limited to portable or fixed storage devices, optical storage devices, wireless channels, and/or various other mediums capable of storing, containing or carrying instruction(s) and/or data.
  • embodiments may be implemented by hardware, software, scripting languages, firmware, middleware, microcode, hardware description languages, and/or any combination thereof.
  • the program code or code segments to perform the necessary tasks may be stored in a machine readable medium such as a storage medium.
  • a code segment or machine-executable instruction may represent a procedure, a function, a subprogram, a program, a routine, a subroutine, a module, a software package, a script, a class, or any combination of instructions, data structures, and/or program statements.
  • a code segment may be coupled to another code segment or a hardware circuit by passing and/or receiving information, data, arguments, parameters, and/or memory contents. Information, arguments, parameters, data, etc. may be passed, forwarded, or transmitted via any suitable means including memory sharing, message passing, token passing, network transmission, etc.
  • Implementation of the techniques, blocks, steps and means described above may be done in various ways. For example, these techniques, blocks, steps and means may be implemented in hardware, software, or a combination thereof.
  • the processing units may be implemented within one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), processors, controllers, micro-controllers, microprocessors, other electronic units designed to perform the functions described above, and/or a combination thereof.
  • ASICs application specific integrated circuits
  • DSPs digital signal processors
  • DSPDs digital signal processing devices
  • PLDs programmable logic devices
  • FPGAs field programmable gate arrays
  • processors controllers, micro-controllers, microprocessors, other electronic units designed to perform the functions described above, and/or a combination thereof.
  • the techniques, processes and functions described herein may be implemented with modules (e.g., procedures, functions, and so on) that perform the functions described herein.
  • the software codes may be stored in memory units and executed by processors.
  • the memory unit may be implemented within the processor or external to the processor, in which case the memory unit can be communicatively coupled to the processor using various known techniques.
  • the disclosure comprises the following items:

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Quality & Reliability (AREA)
  • Hardware Redundancy (AREA)
EP19199060.5A 2005-07-05 2006-07-05 Circuits à assurance élevée synchronisés Pending EP3651027A1 (fr)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US69707105P 2005-07-05 2005-07-05
US69707205P 2005-07-05 2005-07-05
US11/428,508 US8527741B2 (en) 2005-07-05 2006-07-03 System for selectively synchronizing high-assurance software tasks on multiple processors at a software routine level
US11/428,516 US7802075B2 (en) 2005-07-05 2006-07-03 Synchronized high-assurance circuits
EP06786509A EP1907937A4 (fr) 2005-07-05 2006-07-05 Circuits a assurance elevee synchronises
PCT/US2006/026376 WO2007006013A2 (fr) 2005-07-05 2006-07-05 Circuits a assurance elevee synchronises

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
EP06786509A Division EP1907937A4 (fr) 2005-07-05 2006-07-05 Circuits a assurance elevee synchronises

Publications (1)

Publication Number Publication Date
EP3651027A1 true EP3651027A1 (fr) 2020-05-13

Family

ID=37605229

Family Applications (2)

Application Number Title Priority Date Filing Date
EP19199060.5A Pending EP3651027A1 (fr) 2005-07-05 2006-07-05 Circuits à assurance élevée synchronisés
EP06786509A Ceased EP1907937A4 (fr) 2005-07-05 2006-07-05 Circuits a assurance elevee synchronises

Family Applications After (1)

Application Number Title Priority Date Filing Date
EP06786509A Ceased EP1907937A4 (fr) 2005-07-05 2006-07-05 Circuits a assurance elevee synchronises

Country Status (4)

Country Link
EP (2) EP3651027A1 (fr)
CA (1) CA2614330A1 (fr)
IL (1) IL188414A (fr)
WO (1) WO2007006013A2 (fr)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8527741B2 (en) 2005-07-05 2013-09-03 Viasat, Inc. System for selectively synchronizing high-assurance software tasks on multiple processors at a software routine level
US8190877B2 (en) 2005-07-05 2012-05-29 Viasat, Inc. Trusted cryptographic processor
JP6360387B2 (ja) 2014-08-19 2018-07-18 ルネサスエレクトロニクス株式会社 プロセッサシステム、エンジン制御システム及び制御方法
US10241958B2 (en) * 2014-08-29 2019-03-26 Microsoft Technology Licensing, Llc Configurable synchronized processing of multiple operations
US10599513B2 (en) 2017-11-21 2020-03-24 The Boeing Company Message synchronization system
US10528077B2 (en) 2017-11-21 2020-01-07 The Boeing Company Instruction processing alignment system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5353436A (en) * 1987-11-09 1994-10-04 Tandem Computers Incorporated Method and apparatus for synchronizing a plurality of processors
US20040153857A1 (en) * 2002-07-12 2004-08-05 Nec Corporation Fault-tolerant computer system, re-synchronization method thereof and re-synchronization program thereof
GB2399426A (en) * 2003-03-12 2004-09-15 Sharp Kk Fault detection in data processing apparatus

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0773059A (ja) * 1993-03-02 1995-03-17 Tandem Comput Inc フォールトトレラント型コンピュータシステム
US5544304A (en) * 1994-03-25 1996-08-06 International Business Machines Corporation Fault tolerant command processing
US6363464B1 (en) * 1999-10-08 2002-03-26 Lucent Technologies Inc. Redundant processor controlled system
GB0012352D0 (en) 2000-05-22 2000-07-12 Northern Telecom Ltd Reliable hardware support for the use of formal languages in high assurance systems
JP4217158B2 (ja) 2002-01-23 2009-01-28 インテリテック コーポレイション 電子回路のライセンスされた引渡しおよび課金をするための管理システム、方法および装置
JP2005167526A (ja) 2003-12-02 2005-06-23 Hitachi Ltd 複数の制御情報に基づく電子透かし情報の埋込み及び検出方法並びにその制御装置

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5353436A (en) * 1987-11-09 1994-10-04 Tandem Computers Incorporated Method and apparatus for synchronizing a plurality of processors
US20040153857A1 (en) * 2002-07-12 2004-08-05 Nec Corporation Fault-tolerant computer system, re-synchronization method thereof and re-synchronization program thereof
GB2399426A (en) * 2003-03-12 2004-09-15 Sharp Kk Fault detection in data processing apparatus

Also Published As

Publication number Publication date
IL188414A0 (en) 2008-11-03
CA2614330A1 (fr) 2007-01-11
WO2007006013A2 (fr) 2007-01-11
EP1907937A2 (fr) 2008-04-09
EP1907937A4 (fr) 2010-01-13
WO2007006013A3 (fr) 2009-04-16
IL188414A (en) 2013-04-30

Similar Documents

Publication Publication Date Title
US7802075B2 (en) Synchronized high-assurance circuits
US7987385B2 (en) Method for high integrity and high availability computer processing
EP3651027A1 (fr) Circuits à assurance élevée synchronisés
JP5459807B2 (ja) マルチプロセッサデータ処理システムにおけるデバッグシグナリング
US5001712A (en) Diagnostic error injection for a synchronous bus system
EP2558937B1 (fr) Dispositif et méthode de synchronisation lockstep
JPH07129426A (ja) 障害処理方式
US8527741B2 (en) System for selectively synchronizing high-assurance software tasks on multiple processors at a software routine level
JP4599266B2 (ja) シミュレーション装置及びシミュレーション方法
US20120060019A1 (en) Reduction operation device, a processor, and a computer system
US8156371B2 (en) Clock and reset synchronization of high-integrity lockstep self-checking pairs
JP5436422B2 (ja) 高インテグリティと高可用性のコンピュータ処理モジュール
EP0820007B1 (fr) Calculateur à structure pipeline
US20080313384A1 (en) Method and Device for Separating the Processing of Program Code in a Computer System Having at Least Two Execution Units
US6529979B1 (en) Method and apparatus for a high-speed serial communications bus protocol with positive acknowledgement
CA2435001C (fr) Systeme informatique a tolerance de pannes, methode de resynchronisation connexe et programme de resynchronisation connexe
JP2004234144A (ja) プロセッサの動作比較装置および動作比較方法
US6182237B1 (en) System and method for detecting phase errors in asics with multiple clock frequencies
CN100530106C (zh) 多机容错系统内核的实现方法
JP3746957B2 (ja) 論理分割システムの制御方法
JP2009086939A (ja) バス比較型多重系処理装置
WO2023110069A1 (fr) Appareil de traitement de données et procédé mettant en œuvre une étape de verrouillage de logiciel
US6725387B1 (en) Method and apparatus for causing computer system interconnection to be in the same state each time test code is executed
JPH06187184A (ja) 2重系システムの入出力制御装置
JPS6148247A (ja) デ−タ転送方式の異常検出方式

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED

AC Divisional application: reference to earlier application

Ref document number: 1907937

Country of ref document: EP

Kind code of ref document: P

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20201113

RBV Designated contracting states (corrected)

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20220511

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

INTG Intention to grant announced

Effective date: 20230724

GRAJ Information related to disapproval of communication of intention to grant by the applicant or resumption of examination proceedings by the epo deleted

Free format text: ORIGINAL CODE: EPIDOSDIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

INTC Intention to grant announced (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN